[Samba] \System32\GroupPolicy named pipe?

Andrew Bartlett abartlet at samba.org
Sun Dec 1 01:26:00 GMT 2002 

On Sun, 2002-12-01 at 11:48, Andrew Bartlett wrote:
> On Sun, 2002-12-01 at 08:08, Jason Spence wrote:
> > Hi -
> > 
> > I'm using samba to connect some windows boxen to a distributed set of
> > unix machines.  I'm trying to unify some of the administrative
> > interfaces via mmc, specifically the group policy stuff.  When I try
> > to use the Group Policy snap-in to connect to my samba 2.2.1 servers,
> > I see the windows box do a Tree Connect Andx to
> > ADMIN$\System32\GroupPolicy, and then the samba box responds with
> > 0x0004, permission denied.  Then the windows box goes and tries to
> > create ADMIN$\System32, which also fails.  I have sniffer dumps of
> > the exchange here (libpcap format, use Ethereal to open): 
> > 
> > http://lightconsulting.com/~thalakan/gpdump.cap
> 
> A comparitive capture of what Win2k does could be useful here.
> 
> > Poking around in the samba source code, it looks like ADMIN$ is
> > aliased to IPC$, but the System32 named pipe isn't created anywhere.
> > Does anyone have any thoughts on implementing this and whatever
> > associated protocol is necessary to modify server-side group policies
> > over it?
> 
> ADMIN$ is actually a disk share under NT - so it's not a system32 pipe,
> but actually c:\winnt\system32.   (admin$ is an alias for
> %systempath%).  

Just a clarification: You can do IPC operations on disk shares, and some
domain clients use ADMIN$ for the IPC part of the domain join.  As Samba
doesn't want to provide a 'disk' share that admins can't control, it
maps it as an IPC share.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021201/79cc92b4/attachment.bin

More information about the samba mailing list